[*] Binary protection state of libipt_DNAT.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libipt_DNAT.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libipt_DNAT.so @ 0x10c8 */
| #include <stdint.h>
|
; (fcn) fcn.000010c8 () | void fcn_000010c8 (int32_t arg1) {
| r0 = arg1;
0x000010c8 ldr r3, [r0] | r3 = *(r0);
0x000010cc push {r4, r5, r6, lr} |
0x000010d0 tst r3, 1 |
0x000010d4 mov r4, r0 | r4 = r0;
| if ((r3 & 1) != 0) {
0x000010d8 beq 0x112c |
0x000010dc add r6, r0, 4 | r6 = r0 + 4;
0x000010e0 mov r0, r6 | r0 = r6;
0x000010e4 bl 0x708 | xtables_ipaddr_to_numeric ();
0x000010e8 add r5, r4, 0x14 | r5 = r4 + 0x14;
0x000010ec mov r1, r0 | r1 = r0;
0x000010f0 ldr r0, [pc, 0xc4] | r0 = *(0x11b8);
0x000010f4 add r0, pc, r0 | r0 = pc + r0;
0x000010f8 bl 0x6cc | printf (r0, r1, r2, r3, r4, r5)
0x000010fc mov r2, 0x10 | r2 = 0x10;
0x00001100 mov r1, r5 | r1 = r5;
0x00001104 mov r0, r6 | r0 = r6;
0x00001108 bl 0x738 | r0 = memcmp (r0, r1, r2);
0x0000110c cmp r0, 0 |
| if (r0 == 0) {
0x00001110 beq 0x112c | goto label_0;
| }
0x00001114 mov r0, r5 | r0 = r5;
0x00001118 bl 0x708 | r0 = xtables_ipaddr_to_numeric ();
0x0000111c mov r1, r0 | r1 = r0;
0x00001120 ldr r0, [pc, 0x98] | r0 = *(0x11bc);
0x00001124 add r0, pc, r0 | r0 = pc + r0;
0x00001128 bl 0x6cc | printf (r0, r1)
| }
| label_0:
0x0000112c ldr r3, [r4] | r3 = *(r4);
0x00001130 tst r3, 2 |
0x00001134 popeq {r4, r5, r6, pc} |
0x00001138 mov r0, 0x3a | r0 = 0x3a;
0x0000113c bl 0x6c0 | putchar (r0);
0x00001140 ldrh r3, [r4, 0x24] | r3 = *((r4 + 0x24));
0x00001144 ldr r0, [pc, 0x78] | r0 = *(0x11c0);
0x00001148 lsr r1, r3, 8 | r1 = r3 >> 8;
0x0000114c orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x00001150 lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00001154 lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00001158 add r0, pc, r0 | r0 = pc + r0;
0x0000115c bl 0x6cc | printf (r0, r1, r2, r3)
0x00001160 ldrh r3, [r4, 0x26] | r3 = *((r4 + 0x26));
0x00001164 ldrh r2, [r4, 0x24] | r2 = *((r4 + 0x24));
0x00001168 cmp r2, r3 |
| if (r2 != r3) {
0x0000116c beq 0x118c |
0x00001170 lsr r1, r3, 8 | r1 = r3 >> 8;
0x00001174 ldr r0, [pc, 0x4c] | r0 = *(0x11c4);
0x00001178 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x0000117c lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00001180 lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00001184 add r0, pc, r0 | r0 = pc + r0;
0x00001188 bl 0x6cc | printf (r0, r1)
| }
0x0000118c ldr r3, [r4] | r3 = *(r4);
0x00001190 tst r3, 0x20 |
0x00001194 popeq {r4, r5, r6, pc} |
0x00001198 ldrh r3, [r4, 0x28] | r3 = *((r4 + 0x28));
0x0000119c ldr r0, [pc, 0x28] | r0 = *(0x11c8);
0x000011a0 lsr r1, r3, 8 | r1 = r3 >> 8;
0x000011a4 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x000011a8 lsl r1, r1, 0x10 | r1 <<= 0x10;
0x000011ac lsr r1, r1, 0x10 | r1 >>= 0x10;
0x000011b0 add r0, pc, r0 | r0 = pc + r0;
0x000011b4 pop {r4, r5, r6, lr} |
0x000011b8 b 0x6cc | return void (*0x6cc)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libipt_DNAT.so @ 0x1288 */
| #include <stdint.h>
|
; (fcn) fcn.00001288 () | void fcn_00001288 (int32_t arg1) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| r0 = arg1;
0x00001288 ldr r3, [r0] | r3 = *(r0);
0x0000128c push {r0, r1, r2, r4, r5, lr} |
0x00001290 tst r3, 1 |
0x00001294 mov r4, r0 | r4 = r0;
| if ((r3 & 1) != 0) {
0x00001298 beq 0x12e8 |
0x0000129c ldr r3, [r0, 4] | r3 = *((r0 + 4));
0x000012a0 add r5, sp, 8 | r5 += var_8h;
0x000012a4 str r3, [r5, -4]! | *((r5 -= 4)) = r3;
0x000012a8 mov r0, r5 | r0 = r5;
0x000012ac bl 0x708 | r0 = xtables_ipaddr_to_numeric ();
0x000012b0 mov r1, r0 | r1 = r0;
0x000012b4 ldr r0, [pc, 0x94] | r0 = *(0x134c);
0x000012b8 add r0, pc, r0 | r0 = pc + r0;
0x000012bc bl 0x6cc | printf (r0, r1)
0x000012c0 ldmib r4, {r2, r3} | __asm ("ldmib r4, {r2, r3}");
0x000012c4 cmp r3, r2 |
| if (r3 == r2) {
0x000012c8 beq 0x12e8 | goto label_0;
| }
0x000012cc mov r0, r5 | r0 = r5;
0x000012d0 str r3, [sp, 4] | var_4h = r3;
0x000012d4 bl 0x708 | r0 = xtables_ipaddr_to_numeric ();
0x000012d8 mov r1, r0 | r1 = r0;
0x000012dc ldr r0, [pc, 0x70] | r0 = *(0x1350);
0x000012e0 add r0, pc, r0 | r0 = pc + r0;
0x000012e4 bl 0x6cc | printf (r0, r1)
| }
| label_0:
0x000012e8 ldr r3, [r4] | r3 = *(r4);
0x000012ec tst r3, 2 |
| if ((r3 & 2) != 0) {
0x000012f0 beq 0x1348 |
0x000012f4 mov r0, 0x3a | r0 = 0x3a;
0x000012f8 bl 0x6c0 | putchar (r0);
0x000012fc ldrh r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00001300 ldr r0, [pc, 0x50] | r0 = *(0x1354);
0x00001304 lsr r1, r3, 8 | r1 = r3 >> 8;
0x00001308 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x0000130c lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00001310 lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00001314 add r0, pc, r0 | r0 = pc + r0;
0x00001318 bl 0x6cc | printf (r0, r1, r2, r3)
0x0000131c ldrh r3, [r4, 0xe] | r3 = *((r4 + 0xe));
0x00001320 ldrh r2, [r4, 0xc] | r2 = *((r4 + 0xc));
0x00001324 cmp r2, r3 |
| if (r2 == r3) {
0x00001328 beq 0x1348 | goto label_1;
| }
0x0000132c lsr r1, r3, 8 | r1 = r3 >> 8;
0x00001330 ldr r0, [pc, 0x24] | r0 = *(0x1358);
0x00001334 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x00001338 lsl r1, r1, 0x10 | r1 <<= 0x10;
0x0000133c lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00001340 add r0, pc, r0 | r0 = pc + r0;
0x00001344 bl 0x6cc | printf (r0, r1)
| }
| label_1:
0x00001348 add sp, sp, 0xc |
0x0000134c pop {r4, r5, pc} |
| }
[*] Function printf used 9 times libipt_DNAT.so
